The official X (formerly Twitter) account of the New York Post was recently compromised, with attackers using it to send fraudulent direct messages, mainly targeting members of the cryptocurrency community. This breach has sparked concern among crypto enthusiasts, prompting cybersecurity analysts to examine the tactics used in the attack.
Details of the X Account Breach: What Unfolded
The first signs of the security breach emerged on May 3, when Alex Katz, CEO of Kerberus, sounded the alarm with a public post and screenshot evidence. Katz revealed that the messages appeared to be authored by journalist Paul Sperry, though they were clearly fake. The verified New York Post account was allegedly used to send out podcast interview requests, inviting users to respond via Telegram.
However, the interview offer turned out to be a front for a scam operation, designed to lure victims into shady communication channels. After sending the deceptive messages, the attackers blocked the recipients, making it impossible for them to report the incident to the real New York Post team.
Scam Tactics and Potential Security Flaws
In contrast to more typical cyberattacks, the hackers refrained from sharing links to harmful websites or requesting cryptocurrency transfers through compromised wallets. Instead, they relied on the account’s legitimacy to spread misleading messages, encouraging interaction over Telegram.
Donny Clutterbuck, a representative of the Bitcoin ordinals NFT project Fomojis, suggested the breach might have originated from a vulnerability in Zoom. He theorized that malware could have been installed during a virtual meeting, enabling the attackers to gain the necessary permissions to operate the X account.
This possibility underscores the evolving sophistication of cyberattacks, where social engineering is paired with technical exploits to infiltrate high-profile systems.
Parallels to the Attack on The Defiant’s X Account
According to blockchain researcher ZachXBT, the breach mirrors a previous incident involving the X account of The Defiant, a decentralized finance media outlet. In that case, similar fraudulent messages were distributed after the account was taken over.
The recurring nature of such incidents indicates that prominent media platforms, especially those in the blockchain space, are now frequent targets for organized cybercriminal efforts.
No Official Statement from the New York Post
Despite the seriousness of the situation, the New York Post has yet to issue a public statement or offer clarification via its official channels. This absence of communication raises concerns about how aware the organization is of the breach and the robustness of its internal security protocols.
Cointelegraph reached out to the publication for comment but did not receive a prompt reply. The lack of transparency has only heightened unease among users and cybersecurity professionals, particularly amid rising incidents of online scams.
Crypto Community at Risk: Precautionary Measures Urged
Due to the crypto sector’s inherently digital nature and the swift movement of funds, community members remain highly vulnerable to social platform scams. It is crucial for users to implement the following safety practices:
- Be skeptical of unsolicited DMs, especially those urging you to switch to messaging apps like Telegram.
- Avoid clicking on unverified links or responding to offers of interviews or professional collaborations without thorough verification.
- Report any suspicious communication to both the social media platform and the account administrators.
- Ensure video conferencing tools like Zoom are updated to the latest versions to prevent malware exploitation.
Significance of Secure, Verified Social Accounts
The New York Post incident highlights how critical it is for verified and high-profile accounts—especially those belonging to news organizations or crypto-linked entities—to maintain top-tier digital security. While such accounts serve as trusted sources of information, they are also valuable assets for cybercriminals looking to exploit that trust.
To mitigate future risks, account managers should adopt stronger protective measures, including two-factor authentication, frequent access audits, and strict internal protocols.
Moving Forward: The Role of Users and the Media
The compromise of the New York Post’s X account demonstrates the urgent need for digital literacy and the use of effective security tools. Users in the crypto community and beyond must be trained to detect red flags in communications that appear authentic on the surface.
At the same time, media organizations must act quickly and transparently when breaches occur. Prompt communication can maintain audience trust and help prevent further damage by warning others of the scam.
Ultimately, users should stay alert and take responsibility for sharing verified information to help the broader community stay safe.
This incident serves as a stark reminder of the importance of defending digital reputations and the growing necessity of cooperation in the fight against cybercrime. Through collective awareness and resilience, we can better protect the ever-expanding digital landscape.